On September 21, 2022, HP published a warning about a buffer overflow vulnerability in the firmware of various printer models (inkjet, LaserJet Pro and HP PageWide Pro printers). One vulnerability even potentially allows remote code execution (RCE). Firmware updates for the affected printer models are now available.
Vulnerability in HP printers
There are two serious vulnerabilities in various HP printers, as HP discloses in security advisory ish_6839789-6839813-16 dated September 21, 2022. Certain HP printing products are potentially vulnerable to a buffer overflow and/or remote code execution. The advisory covers the following vulnerabilities:
- CVE-2022-28721: CVSS 9.8, Risk: Critical
- CVE-2022-28722: CVSS 7.1, Risk: High
HP is not disclosing details about the two vulnerabilities. HP has since released firmware updates that address the vulnerabilities on the affected devices. To get the updated firmware, go to HP's software and driver downloads page and search for the firmware update by entering the printer model. According to HP, various inkjet printers (HP DeskJet), LaserJet Pro printers and HP PageWide Pro printers are affected. Details can be found in the security notice (the page takes quite a long time to load).
Be aware: Product Numbers on the Advisory page are inaccurate. Recommend searching HP's download site by Product Number to get the correct firmware for your model.